@Mission-Ghost never mind...I just found: https://forum.netgate.com/topic/195386/after-update-4200-to-24-11-queues-status-page-no-longer-works/7 Apparently it's a bug that turned up in beta and has a redmine ticket. From the topic cited, there's a method to check that it's working. I'll do that.

@bipton said in The traffic download limit only applies half of what I give it. why?: rules used default gateway There is this, scheduled for 2.8...? https://redmine.pfsense.org/issues/14854 "...if the gateway is left to default the limiter works as expected but if a specific gateway or a gateway group is specified the limiter [drops by half]."

Same Report... I am sure it would be a bug. The only temporary fix I did is to Increase twice the value and add +2 to be sure...

@jimbrown-dm said in Doc VPN: @jimbrown-dm You can use free xnxubd vpn browser vpn app to browser internet freely. https://www.tomsguide.com/computing/vpns/dont-download-xnxubd-vpn-browser-its-dangerous

Turns out the bufferbloat limiters do not limit ACKs. How can I make it also limit ACKs?

@Gertjan thank you for your help. Of course I will upgrade... But I have to wait for the end of the season as I cannot shutdown the system even for 10 minutes with 2500 customers on it. Have a nice time :)

@vildsvin123 said in Traffic shaping limiters per port, upload limter doesent work: local machine 192.168.1.123 witch runs the cloud and clients connecting from outside throu wan interface Matching can be tricky, I suggest looking at the open state for the connection. For example "downloading a file from a web server in my office" matches the inbound connection to the web server, not an outbound response. The outbound follows back out the inbound state. As noted floating rules are outside NAT. One can match a floating rule to a source only by tagging it on the way in as the packet arrives on LAN, then a rule saying "any packet with tag X" on the way out on WAN. I've used that for prioritizing voice (upload from a phone device IP) but I don't think for a limiter. If you haven't already, for testing, set the limiter to something low enough to be obvious in both directions, and a different number for in and out.

@_ToXIc_ I would revert the change regarding bloat. That doesn’t impact what’s going on here and typically it’s best left alone. There are also debug logs for the agent

@Aus_Karlos You can also try to modify your existing WAN rule: Go to Firewall > Rules > WAN. Edit the rule that currently handles the traffic for port 443 to your server. In the Advanced Options section, set the "In/Out pipe" for outgoing traffic to use the Global_Limit_Out limiter.

Update: I deleted all the limiter and Wireguard profiles and set up both of them from scratch. Now they are working together happily. No additional firewall rules needed.

@N0m0fud I link to my post, basically it's a freebsd issue max 4gb/s https://forum.netgate.com/topic/189679/codel-not-applying-after-4gb-s/2

@Poli Oh I founded that, so BSD still didn't fix it ? https://redmine.pfsense.org/issues/12661 I guess the fix was an upgrade from 2gb/s to 4gb/s why so low? https://reviews.freebsd.org/D31582